MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b44bdbeb35617b790c2e57d3e2cd84f8c6c23dd8b32a7559ecd08222d5740899. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MassLogger


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b44bdbeb35617b790c2e57d3e2cd84f8c6c23dd8b32a7559ecd08222d5740899
SHA3-384 hash: 7ee79420565e185203b783ff4448fb8f812be5c6094e05ce1b6f52b73242205502245d02ed64e8ff840e7ce505397e44
SHA1 hash: 266e856acf9bfe7bafe4ff8b85df1ab25d7e4d53
MD5 hash: 000af1526dbe3fd6a92d49c40f301851
humanhash: network-william-glucose-paris
File name:PO 100385304 - NEW ORDER.IMG
Download: download sample
Signature MassLogger
Create hunting rule
File size:1'703'936 bytes
First seen:2020-06-04 06:25:44 UTC
Last seen:Never
File type: img
MIME type:application/x-iso9660-image
ssdeep 24576:SblMfjZYb/Z60YaLLmsnaN6JJk6/0wpCe94RKyE:SblMfjZYb/00ON6H//9oE
TLSH E775BE9D721072EFC85BD472DEA82C68BA94787B471B4203A02B15EDDE4D997CF241F2
Reporter abuse_ch
Tags:img MassLogger


Avatar
abuse_ch
Malspam distributing MassLogger:

HELO: af108.secure.ne.jp
Sending IP: 150.60.155.254
From: Mohamed Ziada <yeliz@cagsmm.com>
Reply-To: marketing@bharathimro.com
Subject: RE: Quotation - 60081-PO-100385304
Attachment: PO 100385304 - NEW ORDER.IMG (contains "PO# 100385304 - NEW ORDER.exe")

MassLogger C2:
http://ceccatospinerets.com/themes/default-bootstrap/img/icon/office/upload.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Threat name:
ByteCode-MSIL.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-06-04 06:37:50 UTC
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wrf5x2zvmf5xsdbok7j6ftme7ddmepoywmvhkwpm2cbcfvlubcmq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

MassLogger

img b44bdbeb35617b790c2e57d3e2cd84f8c6c23dd8b32a7559ecd08222d5740899

(this sample)

MassLogger

Executable exe c43664e2b2ec5c1f4d836f46e2e13452a4d717b8cfd39bd3deceba6bac70d45f

  
Dropping
MD5 8dd50f27b2819e6f9a9c591a98ba48cd
  
Dropping
MassLogger
  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 c43664e2b2ec5c1f4d836f46e2e13452a4d717b8cfd39bd3deceba6bac70d45f

Comments